What is the latest reliable way to index email dat...

dm1 · ‎03-07-2022

As the title suggests, I want to index data from Splunk user email account's inbox folder.

Splunk version - 8.2.4

Have already checked out TA-mailclient and IMAP Mailbox addons but none of them work and are unsupported

In the first add-on, no matter how many times I change the attribute disabled to 0 in inputs.conf, it goes back to 1 after a restart. In the second addon, after using the troubleshooting command, I get the following error

File "/opt/splunk/etc/apps/IMAPmailbox/bin/get_imap_email.py", line 104
    self.port = 993
                  ^
TabError: inconsistent use of tabs and spaces in indentation

Hence, can someone please advise how best to achieve this ?

PickleRick · ‎03-08-2022

The IMAP mailbox app seems to have last commit made to it on github 6 years ago or something like that so I would definitely not expect it to work (it is most probably written using python2 so it's no good for a modern splunk installation anyway).

But about the TA-mailclient... well, what can I say? Seems to work for me.

Search your internal index for anything related to TA-mailclient and see if you can get anything from that.

What is the latest reliable way to index email data from inbox folder in Splunk?

index

Linux

other

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life